TABLE OF CONTENTS
To add a SharePoint connection, go to the Connections page which is accessible via Menu -> Connected Data -> Connections. You must be an Administrator level user to see this option.
- Click the ADD CONNECTION button on the top right of the page to add a new connection.
This will bring up a list of connections from which you can choose.
Click on SharePoint to add a new connection.
Setting up your Connection
There are two different authentication types that are supported for SharePoint:
- User Account authentication
- App-Only Principal authentication
User Account Authentication
The simplest and recommended way of connecting your SharePoint site is by using your SharePoint user account credentials. We recommend creating a dedicated SharePoint user specifically for use by our platform, as you can then restrict access as needed and clearly see what changes our Connectors make to your site.
Please note that this method will not allow connections to SharePoint servers with multi-factor authentication (MFA) enabled. To connect to SharePoint with MFA successfully, please use App-Only Authentication instead (see below).
App-Only Principal Authentication
The App-Only principal authentication is an older way of authenticating to SharePoint. This involves a more complicated setup process to get up and running and we only recommend this approach if your corporate policy does not permit providing user credentials. This method will also allow connections to SharePoint servers with multi-factor authentication (MFA) enabled.
A full Microsoft article on how to set up SharePoint App-Only authentication can be seen here: Granting access using SharePoint App-Only
Important Microsoft Note:
Azure Access Control (ACS), a service of Azure Active Directory (Azure AD), has been retired on November 7, 2018. This retirement does not impact the SharePoint Add-in model, which uses the https://accounts.accesscontrol.windows.net hostname (which is not impacted by this retirement). For more information, see Impact of Azure Access Control retirement for SharePoint Add-ins. For new tenants, apps using an ACS app-only access token is disabled by default. We recommend using the Azure AD app-only model which is modern and more secure. But you can change the behavior by running ‘set-spotenant -DisableCustomAppAuthentication $false' (needs the latest SharePoint admin PowerShell).
To grant access using SharePoint App-Only authentication, you need to set up tenant permissions. First, navigate to your SharePoint site, being sure to include -admin at the end of the site domain (e.g., https://yourcompany-admin.sharepoint.com). Next, open up the appregnew.aspx page (e.g., https://yourcompany-admin.sharepoint.com/_layouts/15/appregnew.aspx). Once the page has finished loading, click on the Generate button next to the Client Id and Client Secret text fields to generate a valid client id and client secret credentials. Fill in the remaining required text fields as indicated in the screenshot below.
The client id and client secret need to be stored as you'll need it in the next step.
You need to grant permissions to the newly created principal. This can be done via the appinv.aspx page on your SharePoint administrator site which can be reached via https://yourcompany-admin.sharepoint.com/_layouts/15/appinv.aspx. Once the page has finished loading, add your client id in the App Id text field and click on the Lookup button to search for your newly-created principal account.
Grant the required permissions in the App's Permissions Request XML text field as indicated exactly below, copying and pasting this into the "Permission Request XML" text entry box:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/tenant" Right="FullControl" />
</AppPermissionRequests>
Once you've created your app permissions request, SharePoint will provide you with a dialog indicating whether you trust YourCompanyApp. Click on the Trust It button to grant the permissions.
Once the above steps have been completed, you will be ready to fill in your client id and client secret into your connection on our platform as indicated by the placeholders below (in the example, YourCompanyClientId and YourCompanyClientSecret).
Finally, click the SAVE button on the top right of the page to store your configuration. Your connection will then be verified automatically, and you will see a green checkmark if everything is working.